Wednesday, January 12, 2011

Is there a Windows 7 compatible IPSec VPN client that allows protocol and port specific rules?

As the title says, I need to find a IPSec VPN client for Windows 7.
On XP and Vista we've used SafeNet SoftRemote in which you can set up rules for specific protocols and ports. But SoftRemote isn't compatible with Windows 7.

172.xxx.xxx.1 TCP 1433
172.xxx.xxx.2 TCP 1433
172.xxx.xxx.10 ALL
...

Since the VPN gateway is configured this way the client must mirror these settings. I've tried TheGreenBow, NCP Secure Entry, Cisco VPN Client and Shrew Soft VPN but none of these allows you to configure by protocol and port.

Does anyone have any other suggestions?

EDIT: Forgot to mention that agressive mode is also a requirement.

--UPDATE--
I've got some news...
I've managed to get SoftRemote to work on Windows 7 x64 through Windows XP Mode. After scouring all corners of the Internet for idéas I had enough information to construct a working solution.

This solution will probably benefit other clients as well!

You'll find a post here with detailed instructions of how I went about.

From serverfault Sani Huttunen

  • Would the Cisco AnyConnect Client work?

    http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-527494.html

    Sani Huttunen : Unfortunately no since it's an SSL VPN client.
    Gromer : :( If you find an answer, make sure you post it, I'm just getting into VPN stuff and am about to *attempt* to set my Cisco PIX 501 up tonight.
    Sani Huttunen : I sure will. Might also put this up with a bounty if nothing comes up.
    GregD : @Gromer - Just so you know, I don't believe that the AnyConnect client is supported on your PIX with version 8 code.
    From Gromer

  • I'm not sure if any of these meet your needs, but TechNet has a blog where they tested several clients for compatibility.

    VPN Client Compatibility with Windows 7 and Windows Server 2008 R2

    According to them a version for Windows 7 of SafeNet SoftRemote is due out in Q4 2009.

    Sani Huttunen : I've seen that source and no it's not SoftRemote that will be out in Q4 but rather QuickSec. There is no ETA on SoftRemote. While they tested serveral clients I haven't found a single Windows 7 IPSec client that meets my requirements.
    KevinH : @ CKret - Thanks for the correction. I was just taking a quick look at the site, and didn't catch that it was actually a different product from the same company.
    From KevinH

  • (I can't comment yet, so I'm going to post to ask for clarification initially, then edit as necessary.)

    If I understand, you're looking for a way to identify specific traffic flows (destination address / subnet, protocol, port combinations) that should be subjected to IPSEC encryption / authentication under Windows 7. Is that accurate?

    The built-in ISPEC client in Windows 7 will allow you create IPSEC policies with "filters" that identify when traffic should be encrypted. Getting over the initial interop hurdle with your VPN gateway may be a bit tough, but this built-in functionality would allow you to subject only specific traffic flows to IPSEC encryption / authentication,

    Open an "MMC.exe" instance and snap-in the "IP Security Policy Management" snap-in. Create an IPSEC policy and tool around in the settings for a bit. You can configure the IKE and main-mode encryption / authentication settings, as well as creating filter rules to define the types of traffic that will be encrypted / blocked, etc.

    Sani Huttunen : I seem to have forgotten to mention one important piece of information: I need aggressive mode which rules out the built-in IPSec in Windows 7. (If I understand it correctly that it doesn't support.) It is during Phase 2 negotiations the rules need to mirror the gateway rules. I.e. Protocol and port must match otherwise the gateway doesn't accept the connection You are right about the filters though
    Evan Anderson : Yep-- as far as I can tell, Windows 7 continues the trend of not supporting aggressive mode. *sigh*
    From Evan Anderson

  • Don't know if it meets the needs, but NCP client is good, and they have a beta which is Win7 compatible.... www.ncp-e.com

    Sani Huttunen : I've already tried NCP (as mentioned in the question) and unfortunately no, it does not meet the requirements.
    From $pageUsers[$post.author].name

  • The mobile VPN product from www.ipunplugged.com supports Win7 This is an IPSec mobile VPN based on Mobile IP... not just a VPN client.

    From $pageUsers[$post.author].name

  • you may want to take a look at strongswan. I believe they have a version for windows 7.

    From
Posted by Mu Cat at 9:47 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)